chore(ci): publish helm charts to gh-pages on tags #23

Merged
roderik merged 1 commit into main from
chore/helm-gh-pages-tag-publish
Sep 17, 2025

Conversation

Member

@roderik roderik commented Sep 17, 2025

Summary

  • replace Harbor registry push with helm-gh-pages publishing
  • restrict chart publishing to tagged pushes
  • remove the unused Helm packaging script

Testing

  • bun check
  • bun test
  • bun typecheck

Summary by Sourcery

Switch Helm chart publishing in the CI workflow from Harbor to GitHub Pages on tagged releases and remove associated packaging scripts.

CI:

  • Remove Harbor login and chart push steps from the QA workflow
  • Add helm-gh-pages action to publish charts on push events to Git tags
  • Limit chart publishing step to tag references only

Chores:

  • Remove unused Helm packaging and Harbor push scripts from package.json
  • Clean up Harbor credentials from CI environment variables

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Summary of Changes

Hello @roderik, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refactors the continuous integration process for Helm chart publishing. The primary goal is to transition the chart distribution mechanism from an internal Harbor registry to GitHub Pages, providing a more standardized and accessible approach. This change also enforces that chart releases are tied to Git tags, enhancing version control, and includes a cleanup of outdated packaging scripts.

Highlights

  • Helm Chart Publishing: The method for publishing Helm charts has been updated, moving from pushing to a Harbor registry to utilizing helm-gh-pages for distribution.
  • Publishing Restriction: Chart publishing is now explicitly restricted to occur only when a new tag is pushed, ensuring versioned releases.
  • Script Removal: Obsolete Helm packaging and Harbor registry push scripts have been removed from the package.json file, streamlining the project configuration.

@github-actions github-actions Bot added the qa:running QA workflow is currently running label Sep 17, 2025

github-actions Bot commented Sep 17, 2025

To view in Slack, search for: 1758136398.456669

Contributor

@sourcery-ai sourcery-ai Bot left a comment

Hey there - I've reviewed your changes and they look great!

Blocking issues:

  • An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. (link)

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `.github/workflows/qa.yml:277` </location>
<code_context>
        uses: stefanprodan/helm-gh-pages@v1.7.0
</code_context>

<issue_to_address>
**security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha):** An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

*Source: opengrep*
</issue_to_address>

Comment thread .github/workflows/qa.yml
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
github.event_name == 'push' &&
startsWith(github.ref, 'refs/tags/')
uses: stefanprodan/helm-gh-pages@v1.7.0
Contributor

security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.

Source: opengrep
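
A minimal check for the finding above, as an added example that is not part of the pull request or of any reviewer's comment: it scans workflow text for `uses:` references and reports third-party actions whose ref is not a full 40-character commit SHA. The sample workflow is constructed (only the two third-party references come from this page), and treating the `actions` and `github` owners as first-party is an assumption of the example.

```python
import re

# Matches a step-level or job-level "uses:" value, ignoring a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption: owners treated as first-party and exempt from the check.
FIRST_PARTY_OWNERS = {"actions", "github"}


def classify(ref: str) -> str:
    """Return 'local', 'docker', 'first-party', 'pinned' or 'unpinned'."""
    if ref.startswith("./") or ref.startswith("../"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    target, _, version = ref.partition("@")
    owner = target.split("/", 1)[0].lower()
    if owner in FIRST_PARTY_OWNERS:
        return "first-party"
    # A tag or branch can be moved later; only a full commit SHA is immutable.
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def find_unpinned(workflow_text: str):
    """Return [(line_number, reference)] for third-party actions not pinned to a full SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "unpinned":
            findings.append((lineno, m.group(1)))
    return findings


# Constructed sample; only the two third-party references are taken from the page.
SAMPLE = """\
jobs:
  qa:
    steps:
      - uses: actions/checkout@v4
      - name: Login
        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
      - name: Publish chart
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        uses: stefanprodan/helm-gh-pages@v1.7.0
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE):
        print(f"line {lineno}: {ref} is not pinned to a full-length commit SHA")
```
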

@github-actions github-actions Bot added the status:ready-for-review Pull request is ready for review label Sep 17, 2025
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request removes the npm scripts for packaging and pushing the Helm chart to Harbor, which aligns with the goal of migrating to a GitHub Pages-based publishing workflow. The change is clean and focused. However, the documentation in README.md has not been updated to reflect the new way of consuming the Helm chart from GitHub Pages. I've left a specific comment regarding this.

@roderik roderik merged commit 43c644b into main Sep 17, 2025
11 of 13 checks passed
@roderik roderik deleted the chore/helm-gh-pages-tag-publish branch September 17, 2025 19:13
@github-actions github-actions Bot added status:merged Pull request has been merged qa:success QA workflow passed successfully status:ready-for-review Pull request is ready for review and removed status:ready-for-review Pull request is ready for review qa:running QA workflow is currently running status:merged Pull request has been merged labels Sep 17, 2025